A relevant degree in Computer Science, Information Technology, Risk Management or equivalent at NQF level 8.
At least 4 years in an IT or information security risk management role
Responsibilities:
Take overall accountability for the IT risk management function, ensuring that the objectives of IT risk management meet the business's strategic objectives
Develop, establish, and implement policies and frameworks for IT risk management, including the consideration of the necessary risk appetite statements and key risk indicators
Perform and monitor IT risk assessments, which comprise identifying, assessing, measuring, prioritizing and reporting risks that may impact the business
Work closely with business and IT risk owners to co-create plans and solutions and ensure proactive risk management is embedded in the business and risk owners' processes
Develop remedial plans with IT risk owners to manage IT risks to desired levels on an ongoing basis
Provide assurance on material IT risk exposures to the company's CRO and Executive Committee
Driving the embedding of the applicable information technology regulatory and compliance standards
Challenging the IT risk profile through risk assessments and control adequacy reviews
Reporting on IT risk exposures, the IT risk profile and associated mitigating plans to the relevant governance structures at the company's level
Submission of the necessary quarterly IT risk assessments to Group IT
Attending the company's Risk Forum, IT Risk committee and any other quarterly governance meetings deemed appropriate
Liaising with internal and external audit, thus managing all IT-related audits, including the tracking of IT-related audit findings
Ensure that regular (at least quarterly) Logical User Access Management assessment is completed
Ensure quarterly SANS Top 20 is submitted to IT Security
IT subject matter expert as part of the third-party risk assessment and onboarding process within the company
Support the Business Continuity Champion during the annual disaster recovery testing process, where deemed appropriate
Requires an in-depth knowledge of information technology issues, techniques and implications across a wide variety of existing information technology platforms
In-depth understanding of risk management practices
Knowledge of the relevant regulatory, legislative, governance, risk and compliance landscapes would be beneficial to the role
Understanding of Enterprise Risk Management (ERM) and Own Risk and Solvency Assessment (ORSA) practices and philosophies would also be beneficial to the role